
Better integration of disabling header blacklist, use setDisableHeade…

…rCheck
1 parent 7d9c882 commit 193b0d991c9e4459516768cbdfaab815bc4d7c0e @driverdan committed Aug 30, 2012
Showing with 25 additions and 41 deletions.
  1. +0 −2 README.md
  2. +9 −18 lib/XMLHttpRequest.js
  3. +0 −20 tests/header_set.js
  4. +16 −1 tests/test-headers.js
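--- a/README.md
+++ b/README.md
@@ -1,7 +1,5 @@
 # node-XMLHttpRequest #
-this is a fork with support for disabling header checking.
-
 node-XMLHttpRequest is a wrapper for the built-in http client to emulate the
 browser XMLHttpRequest object.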
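--- a/lib/XMLHttpRequest.js
+++ b/lib/XMLHttpRequest.js
@@ -31,8 +31,9 @@ exports.XMLHttpRequest = function() {
 // Request settings
 var settings = {};
- //headerscheck
- var disableHeaderChecking = false;
+ // Disable header blacklist.
+ // Not part of XHR specs.
+ var disableHeaderCheck = false;
 // Set some default headers
 var defaultHeaders = {
@@ -120,14 +121,7 @@ exports.XMLHttpRequest = function() {
 * @return boolean False if not allowed, otherwise true
 */
 var isAllowedHttpHeader = function(header) {
- if (disableHeaderChecking)
- {
- return true
- }
- else
- {
- return (header && forbiddenRequestHeaders.indexOf(header.toLowerCase()) === -1);
- }
+ return disableHeaderCheck || (header && forbiddenRequestHeaders.indexOf(header.toLowerCase()) === -1);
 };
 /**
@@ -173,18 +167,15 @@ exports.XMLHttpRequest = function() {
 setState(this.OPENED);
 };
-
-
+
 /**
 * Disables or enables isAllowedHttpHeader() check the request. Enabled by default.
+ * This does not conform to the W3C spec.
 *
- * @param State true or false
- *
- * This is a more advance feature. This does not conform to the W3C spec
- *
+ * @param boolean state Enable or disable header checking.
 */
- this.disableHeaderCheck = function(state) {
- disableHeaderChecking = state;
+ this.setDisableHeaderCheck = function(state) {
+ disableHeaderCheck = state;
 }
 /**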
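Review bot: `setDisableHeaderCheck` stores `state` unchanged, so any truthy argument (the string `"false"` included) switches the forbidden-header blacklist off, and `isAllowedHttpHeader` then returns that raw value although its docblock promises a boolean. Coercing at the setter, `disableHeaderCheck = (state === true);`, keeps the opt-out explicit. The docblock also does not say which value does what; `@param boolean state True disables the header blacklist, false restores it.` would remove the ambiguity, and it is worth stating there that with the check off the caller has to validate header names that come from untrusted input. The enclosing `exports.XMLHttpRequest` function starts and ends outside these hunks.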
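--- a/tests/header_set.js
+++ b/tests/header_set.js
@@ -1,20 +0,0 @@
-var sys = require('util');
-var XMLHttpRequest = require("./lib/xmlhttprequest").XMLHttpRequest;
-
-var xhr = new XMLHttpRequest();
-
-xhr.onreadystatechange = function() {
- sys.puts("State: " + this.readyState);
-
- if (this.readyState == 4) {
- sys.puts("Complete.\nBody length: " + this.responseText.length);
- sys.puts("Body:\n" + this.responseText);
- }
-};
-
-xhr.open("GET", "http://localhost/ua_test.php");
-
-xhr.disableHeaderCheck(true)//Disable check
-
-xhr.setRequestHeader('User-Agent', 'Search bot'); //set forbidden header
-xhr.send();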
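--- a/tests/test-headers.js
+++ b/tests/test-headers.js
@@ -8,6 +8,10 @@ var sys = require("util")
 var server = http.createServer(function (req, res) {
 // Test setRequestHeader
 assert.equal("Foobar", req.headers["x-test"]);
+ // Test non-conforming allowed header
+ assert.equal("node-XMLHttpRequest-test", req.headers["user-agent"]);
+ // Test header set with blacklist disabled
+ assert.equal("http://github.com", req.headers["referer"]);
 var body = "Hello World";
 res.writeHead(200, {
@@ -17,6 +21,7 @@ var server = http.createServer(function (req, res) {
 // Actual values don't matter
 "Set-Cookie": "foo=bar",
 "Set-Cookie2": "bar=baz",
+ "Date": "Thu, 30 Aug 2012 18:17:53 GMT",
 "Connection": "close"
 });
 res.write("Hello World");
@@ -28,7 +33,7 @@ var server = http.createServer(function (req, res) {
 xhr.onreadystatechange = function() {
 if (this.readyState == 4) {
 // Test getAllResponseHeaders()
- var headers = "content-type: text/plain\r\ncontent-length: 11\r\nconnection: close";
+ var headers = "content-type: text/plain\r\ncontent-length: 11\r\ndate: Thu, 30 Aug 2012 18:17:53 GMT\r\nconnection: close";
 assert.equal(headers, this.getAllResponseHeaders());
 // Test case insensitivity
@@ -53,8 +58,18 @@ try {
 xhr.setRequestHeader("X-Test", "Foobar");
 // Invalid header
 xhr.setRequestHeader("Content-Length", 0);
+ // Allowed header outside of specs
+ xhr.setRequestHeader("user-agent", "node-XMLHttpRequest-test");
 // Test getRequestHeader
 assert.equal("Foobar", xhr.getRequestHeader("X-Test"));
+ // Test invalid header
+ assert.equal("", xhr.getRequestHeader("Content-Length"));
+
+ // Test allowing all headers
+ xhr.setDisableHeaderCheck(true);
+ xhr.setRequestHeader("Referer", "http://github.com");
+ assert.equal("http://github.com", xhr.getRequestHeader("Referer"));
+
 xhr.send();
 } catch(e) {
 console.log("ERROR: Exception raised", e);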
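Review bot: The new assertions only cover turning the blacklist off; nothing after `xhr.setDisableHeaderCheck(true)` checks that `setDisableHeaderCheck(false)` restores it, so a regression that leaves the check permanently disabled would still pass. Before `xhr.send()` I would add `xhr.setDisableHeaderCheck(false);`, `xhr.setRequestHeader("Content-Length", 0);` and `assert.equal("", xhr.getRequestHeader("Content-Length"));`, assuming the Referer header already stored is kept when the check is re-enabled. The `try` block starts outside the hunk.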
